Forward secure bilateral access control for end-cloud collaborative Internet of Things

In the Internet of Things (IoT) environment, the end-cloud collaborative architecture enables secure sharing and processing of massive data between the terminals and the cloud. It highlights establishing trusted transmission and computing mechanisms to ensure security over the data's full lifecycle. However, privacy issues about illegal access and forgery of sensitive data are increasingly severe during the computation, storage, and distribution process, thus hindering the development of IoT. Although the bilateral access control methods for end-cloud collaboration enforce access control on user privilege and ensure data source credibility through authentication mechanisms, they struggle to balance forward security and communication cost, resulting in limited key updating efficiency and policy flexibility. To address these practical issues, this paper proposes a novel forward secure bilateral access control scheme named FSBiAC for end-cloud collaborative IoT, which draws on the idea of matchmaking encryption and puncturable encryption. Our scheme outsources a significant portion of puncture tasks to reduce local updating overhead, while the bi-directional match between policies and attributes ensures fine-grained bilateral access control. Detailed proofs demonstrate that FSBiAC achieves semantic security under selectively chosen plaintext attacks (IND-sCPA) and existential unforgeability under chosen message attacks (EUF-CMA). Simulation shows that FSBiAC realizes superior computation and storage overhead compared to the previous studies.